Linux Blimp

Glances is a free open source, modern, cross-platform, real-time top and htop like system monitoring tool. It offers advanced features compared to its counterparts, and can run in different modes: as a standalone, in client/server mode and in web server mode.

Considering the web server mode, you do not necessarily need to log into your remote server via SSH to run glances, you can run it in web server mode and access it via a web browser to remotely monitor your Linux server, as explained below.

To run glances in web server mode, you need to install it together with the Python bottle module, a fast, simple and lightweight WSGI micro web-framework, using the appropriate command for your Linux distribution.

$ sudo apt install glances python-bottle	#Debian/Ubuntu
$ sudo yum install glances python-bottle	#RHEL/CentOS
$ sudo dnf install glancespython-bottle	        #Fedora 22+

Alternatively, install it using PIP command like shown.

$ sudo pip install bottle

Once you have installed the above packages, launch glances with the -w flag to run it in web server mode. By default, it will listen on port 61208.

$ glances -w 
OR
$ glances -w &

If you are running firewalld services, then you should open port 61208 to allow inbound traffic to that port.

$ sudo firewall-cmd --permanent --add-port=61208/tcp
$ sudo firewall-cmd --reload

For UFW firewall, run these commands.

$ sudo  ufw  allow 61208/tcp
$ sudo  ufw  allow reload

After that, from a web browser, use the URL http://SERVER_IP:61208/ to access the glances UI.

If you are using systemd system and services manager, you can run glances in web server mode as a service for efficient management, as explained in the next section. I actually prefer this method to running it as a background process.

Run Glances in Web Server Mode as a Service

Start by creating your service unit file (which I have preferred to name as glancesweb.service) under /usr/lib/systemd/system/glancesweb.service.

$ sudo vim /usr/lib/systemd/system/glancesweb.service

Then copy and paste the unit file configuration below in it.

[Unit]
Description = Glances in Web Server Mode
After = network.target

[Service]
ExecStart = /usr/bin/glances  -w  -t  5

[Install]
WantedBy = multi-user.target

The above configuration tells systemd that this is a unit of type service, it should be loaded after the network.target.

And once the system is in the network target, systemd will invoke the command “/usr/bin/glances -w -t 5” as a service. The -t specifies an interval for live updates in seconds.

The [install] section informs systemd that this service is wanted by “multi-user.target”. Therefore, when you enable it, a symbolic link is created from the /etc/systemd/system/multi-user.target.wants/glancesweb.service to /usr/lib/systemd/system/glancesweb.service. Disabling it will delete this symbolic link.

Next, enable your new systemd service, start and view its status as follows.

$ sudo systemctl enable connection.service
$ sudo systemctl start connection.service
$ sudo systemctl status connection.service

Finally, from your web browser, use the URL http://SERVER_IP:61208/ to remotely monitor your Linux servers via the glances UI, on any device (smart phone, tablet or computer).

You can change the refresh rate of the page, simply add the period in seconds at the end of the URL, this sets the refresh rate to 8 seconds.

http://SERVERI_P:61208/8	

One downside of running glances in web server mode is that, if the Internet connection is poor the client tends to easily disconnect from the server.

You can learn how to create new systemd services from this guide:

1. How to Create and Run New Service Units in Systemd Using Shell Script

That’s all! If you have any questions or additional information to add, use the comment from below.

Source

It has been said before -and I couldn’t agree more- that some of the best system administrators are those who seem (note the use of the word seem here) to be lazy all the time.

While that may sound somewhat paradoxical, I bet it must be true in most cases – not because they are not doing the job they are supposed to be doing, but rather because they have automated most of it.

One of the critical needs of a Linux system is to be kept up to date with the latest security patches available for the corresponding distribution.

In this article we will explain how to set up your Debian and Ubuntu system to auto install (or update) essential security packages or patches automatically when needed.

Other Linux distributions such as CentOS/RHEL configured to install security updates automatically.

Needless to say, you will need superuser privileges in order to perform the tasks outlined in this article.

Configure Automatic Security Updates On Debian/Ubuntu

To begin, install the following packages:

# aptitude update -y && aptitude install unattended-upgrades apt-listchanges -y

where apt-listchanges will report what has been changed during an upgrade.

Next, open /etc/apt/apt.conf.d/50unattended-upgrades with your preferred text editor and add this line inside the Unattended-Upgrade::Origins-Pattern block:

Unattended-Upgrade::Mail "root";

Finally, use the following command to create and populated the required configuration file (/etc/apt/apt.conf.d/20auto-upgrades) to activate the unattended updates:

# dpkg-reconfigure -plow unattended-upgrades

Choose Yes when prompted to install unattended upgrades:

then check that the following two lines have been added to /etc/apt/apt.conf.d/20auto-upgrades:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

And add this line to make reports verbose:

APT::Periodic::Verbose "2";

Last, inspect /etc/apt/listchanges.conf to make sure notifications will be sent to root.

In this post we have explained how to make sure your system is updated regularly with the latest security patches. Additionally, you learned how to set up notifications in order to keep yourself informed when patches are applied.

Do you have any questions about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.

Source

GIMP (in full GNU Image Manipulation Program) is a free open source, powerful, and cross-platform image manipulation software that runs on GNU/Linux, OS X, Windows plus many other operating systems.

It is highly customizable and extensible via third party plugins. It offers advanced tools for graphic designers, photographers, graphical illustrators as well as scientists for high quality image manipulation.

For programmers, it also supports scripted image manipulation, with multiple programming languages such as C, C++, Perl, Python, Scheme, and so much more. The latest major release of GIMP is version 2.10 which was released a few weeks ago, and there is a recent update release GIMP 2.10.2.

What’s New in GIMP 2.10

Some of the important new highlights of this release are:

• Ships in with a number of new and improved tools such as the Warp transform, the Unified transform and the Handle transform tools.
• Color management has become a core feature.
• Improvements to histogram computation.
• Added support for HEIF image format.
• Image processing almost completely ported to GEGL.
• Uses on-canvas preview for all filters ported to GEGL.
• Improved digital painting with support for functions such as canvas rotation and flipping, symmetry painting, MyPaint brush.
• Support for several new image formats such as OpenEXR, RGBE, WebP, and HGT.
• Supports metadata viewing and editing for Exif, XMP, IPTC, and DICOM.
• Offers basic HiDPI support.
• Comes with some fresh themes:Light, Gray, Dark, and System and symbolic icons.
• Added two new filters: spherize and recursive transform, and more.

If you want to know more about GIMP 2.10 features in detail, please refer to its release note.

Install GIMP 2.10 in Ubuntu & Linux Mint

You can install or update Gimp on Ubuntu and Linux Mint using one of the following methods.

Install Gimp Using PPA

The developer Otto Kesselgulasch maintains a unofficial PPA, which has the latest version of the Gimp program for you to install on Ubuntu 17.10 and 18.04 (16.04 builds are said to be on the way), .

$ sudo add-apt-repository ppa:otto-kesselgulasch/gimp
$ sudo apt update
$ sudo apt install gimp

The above PPA will install or upgrade (if you already have GIMP 2.8) to GIMP 2.10.

Install Gimp Using Flatpak

This is the most recommended way to install GIMP 2.10 on Ubuntu, Linux Mint and other Ubuntu-based Linux distributions by using the official Flatpak app on the Flathub app store.

If you don’t have support for Flatpak, then you need to enable Flatpak support first using the following commands.

$ sudo add-apt-repository ppa:alexlarsson/flatpak
$ sudo apt update
$ sudo apt install flatpak

Once you have Fltapak support, use the following command to install GIMP 2.10.

$ flatpak install https://flathub.org/repo/appstream/org.gimp.GIMP.flatpakref

Once Gimp installed, if you don’t see it in the menu, you can start it using the following command.

$ flatpak run org.gimp.GIMP

Uninstall GIMP 2.10 in Ubuntu & Linux Mint

For any reasons, if you don’t like GIMP 2.10 and want to uninstall or roll back to old stable version. To accomplish this, you need the ppa-purge program to purge the PPA from your system using following commands.

$ sudo apt install ppa-purge
$ sudo ppa-purge ppa:otto-kesselgulasch/gimp

That’s all! In this article, we have explained how to install latest version of GIMP 2.10 in Ubuntu, Linux Mint and Ubuntu-based Linux distributions. If you have any questions, let us know via the feedback form below.

Source

In Unix/Linux systems, the root user account is the super user account, and it can therefore be used to do anything and everything achievable on the system.

However, this can be very dangerous in so many ways – one could be that the root user might enter a wrong command and breaks the whole system or an attacker gets access to root user account and takes control of the whole system and who knows what he/she can possibly do.

Based upon this background, in Ubuntu and its derivatives, the root user account is locked by default, regular users (system administrators or not) can only gain super user privileges by using the sudo command.

And one of the worst things that can happen to a Ubuntu System admin is losing privileges to use the sudocommand, a situation commonly referred to as “broken sudo”. This can be absolutely devastating.

A broken sudo may be caused by any of the following:

1. A user should not have been removed from the sudo or admin group.
2. The /etc/sudoers file was altered to prevent users in sudo or admin group from elevating their privileges to that of root using sudo command.
3. The permission on /etc/sudoers file is not set to 0440.

In order to perform crucial tasks on your system such as viewing or altering important system files, or updating the system, you need the sudo command to gain super user privileges. What if you are denied usage of sudodue one or more of the reasons we mentioned above.

Below is an image showing a case in which the default system user is being prevented from running sudocommand:

tecmint@TecMint ~ $ sudo visudo
[ sudo ] password for aaronkilik:
aaronkilik is not in the sudoers file.   This incident will be reported.

tecmint@TecMint ~ $ sudo apt install vim
[ sudo ] password for aaronkilik:
aaronkilik is not in the sudoers file.   This incident will be reported.

How To Fix Broken sudo Command in Ubuntu

If you happen to be running only Ubuntu on your machine, after powering it, press the Shift key for a few seconds to get the Grub boot menu. On the other hand, if you are running a dual-boot (Ubuntu alongside Windows or Mac OS X), then you should see the Grub boot menu by default.

Using the Down Arrow, select “Advanced options for Ubuntu” and press Enter.

You will be at the interface below, select the kernel with “recovery mode” option as below and press Enter to advance to the “Recovery menu”.

Below is the “Recovery menu”, indicating that the root filesystem is mounted as read-only. Move over to the line “root Drop to root shell prompt”, then hit Enter.

Next, press Enter for maintenance:

At this point, you should be at the root shell prompt. As we had seen before, the filesystem is mounted as read-only, therefore, to make changes to the system we need to remount is as read/write by running the command below:

# mount -o rw,remount /

Solving Case #1 – Add User to sudo or admin Group

Assuming that a user has been removed from the sudo group, to add user back to sudo group issue the command below:

# adduser username sudo

Note: Remember to use the actual username on the system, for my case, it is aaronkilik.

Or else, under the condition that a user has been removed from the admin group, run the following command:

# adduser username admin

Solving Case #2 – Granting sudo Privileges to Users

On the assumption that the /etc/sudoers file was altered to prevent users in sudo or admin group from elevating their privileges to that of a super user, then make a backup of the sudoers files as follows:

# cp /etc/sudoers /etc/sudoers.orginal

Subsequently, open the sudoers file.

# visudo

and add the content below:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbi$

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

Solving Case #3 – Setting Correct Permission on sudoers File

Supposing that the permission on /etc/sudoers file is not set to 0440, then run following command to make it right:

# chmod  0440  /etc/sudoers

Last but not least, after running all the necessary commands, type the exit command to go back to the “Recovery menu”:

# exit 

Use the Right Arrow to select <Ok> and hit Enter:

Press <Ok> to continue with normal boot sequence:

Summary

This method should work just fine especially when it is an administrative user account involved, where there is no other option but to use the recovery mode.

However, if it fails to work for you, try to get back to us by expressing your experience via the feedback section below. You can as well offer any suggestions or other possible ways to solve the issue at hand or improve this guide altogether.

Source

MySQL community server is a free open source, popular and cross-platform database management system. It supports both SQL and NoSQL, and has a pluggable storage engine architecture. Additionally, it also comes with multiple database connectors for different programming languages, allowing you to develop applications using any of the well known languages, and many other features.

It has many use cases under document storage, cloud, high availability systems, IoT (Internet of Things), hadoop, big data, data warehousing, LAMP or LEMP stack for supporting high-volume website/apps and much more.

In this article, we will explain a fresh installation of MySQL 8.0 database system on Ubuntu 18.04 Bionic Beaver. Before we move onto the actual installation steps, let’s look at a summary of:

What’s New in MySQL 8.0

• The database now incorporates a transactional data dictionary.
• Comes with Atomic DDL statement support.
• Enhanced security and account management.
• Improvements to resource management.
• Several InnoDB enhancements.
• New type of backup lock.
• Default character set has changed to utf8mb4 from latin1.
• A couple of JSON enhancements.
• Comes with regular expression support using International Components for Unicode (ICU).
• New error logging which now uses the MySQL component architecture.
• Enhancements to MySQL replication.
• Supports common table expressions(both non-recursive and recursive).
• Has an enhanced optimizer.
• Additional window functions and more.

Step 1: Add MySQL Apt Repository

Luckily, there is an APT repository for installing the MySQL server, client, and other components. You need to add this MySQL repository to your system’s package sources list; start by downloading the repository package using the wget tool from the command line.

$ wget -c https://dev.mysql.com/get/mysql-apt-config_0.8.10-1_all.deb 

Then install the MySQL repository package using the following dpkg command.

$ sudo dpkg -i mysql-apt-config_0.8.10-1_all.deb 

Note that in the package installation process, you will be prompted to choose MySQL server version and other components such as cluster, shared client libraries, or the MySQL workbench that you want to configure for installation.

MySQL server version mysql-8.0 will be auto-selected, then scroll down to the last option Ok and click [Enter]to finish the configuration and installation of the release package, as shown in the screenshot.

Step 2: Install MySQL Server in Ubuntu 18.04

Next, download the latest package information from all configured repositories, including the recently added MySQL repository.

$ sudo apt update

Then run the following command to install packages for the MySQL community server, client and the database common files.

$ sudo apt-get install mysql-server

Through the installation process, you will be asked to enter a password for the root user for your MySQL server, re-enter the password to confirm it and press [Enter].

Next, the MySQL server authentication plugin configuration message will appear, read through it and use the right arrow to choose Ok and press [Enter] to continue.

Afterwards, you will be asked to select the default authentication plugin to use, then use the right arrow to choose Ok and press [Enter] to complete the package configuration.

Step 3: Secure MySQL Server Installation

By default, the MySQL installation is unsecure. To secure it, run the security script which comes with the binary package. You will be asked to enter the root password you set during the installation process. Then also choose whether to use the VALIDATE PASSWORD plugin or not.

You can also change the root password you set before (as we have done in this example). Then enter yes/y to the following security questions:

• Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
• Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
• Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
• Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y

Launch the script by issuing the following command.

$ sudo mysql_secure_installation

To further secure your MySQL server, read our article 12 MySQL/MariaDB Security Best Practices for Linux.

Step 4: Managing MySQL Server via Systemd

On Ubuntu, after installing a package, it’s service(s) are usually started automatically once the package is configured. You can check if the MySQL server is up and running using following command.

$ sudo systemctl status mysql

If for one reason or the other, it isn’t auto-started, use the commands below to start and enable it to start at system boot time, as follows.

$ sudo systemctl status mysql
$ sudo systemctl enable mysql

Step 5: Install Extra MySQL Products and Components

In addition, you can install extra MySQL components that you feel you need in order to work with the server, such as mysql-workbench-community, libmysqlclient18 and many others.

$ sudo apt-get update
$ sudo apt-get install mysql-workbench-community libmysqlclient18

Finally, to access the MySQL shell, issue the following command.

$ sudo mysql -u root -p

For more information, read the MySQL 8.0 Release Notes.

That’s It! In this article, we have explained how to install MySQL 8.0 in Ubuntu 18.04 Bioni Beaver. If you have any questions or thoughts to share, use the comment form below to reach us.

Source

When today traffic and casual internet speeds is measured in teens of Giga over an eye blink even for ordinary Internet clients, what’s the purpose of setting a local repository cache on LAN’s you may ask?

One of the reasons is to reduce Internet bandwidth and high speed on pulling packages from local cache. But, also, another major reason should be privacy. Let’s imagine that clients from your organization are Internet restricted, but their Linux boxes need to regular system updates on software and security or just need new software packages. To go further picture, a server that runs on a private network, contains and serves secret sensitive information only for a restricted network segment, and should never be exposed to public Internet.

This are just a few reasons why you should build a local repository mirror on your LAN, delegate an edge server for this job and configure internal clients to pull out software form its cache mirror.

Ubuntu provides apt-mirror package to synchronize local cache with official Ubuntu repositories, mirror that can be configured through a HTTP or FTP server to share its software packages with local system clients.

For a complete mirror cache your server needs at least 120G free space reserved for local repositories.

Requirements

1. Min 120G free space
2. Proftpd server installed and configured in anonymous mode.

Step 1: Configure Server

1. The first thing you may want to do is to identify the closest and fastest Ubuntu mirrors near you’re location by visiting Ubuntu Archive Mirror page and select your country.

If your country provides more mirrors you should identify mirror address and do some tests based on ping or traceroute results.

2. The next step is to install required software for setting up local mirror repository. Install apt-mirror and proftpd packages and configure proftpd as standalone system daemon.

$ sudo apt-get install apt-mirror proftpd-basic

3. Now it’s time to configure apt-mirror server. Open and edit /etc/apt/mirror.list file by adding your nearest locations (Step 1) – optional, if default mirrors are fast enough or you’re not in a hurry – and choose your system path where packages should be downloaded. By default apt-mirror uses /var/spool/apt-mirror location for local cache but on this tutorial we are going to use change system path and point set base_path directive to /opt/apt-mirror location.

$ sudo nano /etc/apt/mirror.list

Also you can uncomment or add other source list before clean directive – including Debian sources – depending on what Ubuntu versions your clients use. You can add sources from 12.04, if you like but be aware that adding more sources requires more free space.

For Debian source lists visit Debian Wiki or Debian Sources List Generator.

4. All you need to do now is, just create path directory and run apt-mirror command to synchronize official Ubuntu repositories with our local mirror.

$ sudo mkdir -p /opt/apt-mirror
$ sudo apt-mirror

As you can see apt-mirror proceeds with indexing and downloading archives presenting total number of downloaded packages and their size. As we can imagine 110-120 GB is large enough to take some time to download.

You can run ls command to view directory content.

Once the initial download is completed, future downloads will be small.

5. While apt-mirror downloads packages, you can configure your Proftpd server. The first thing you need to do is, to create anonymous configuration file for proftpd by running the following command.

$ sudo nano /etc/proftpd/conf.d/anonymous.conf

Then add the following content to anonymous.conf file and restart proftd service.

<Anonymous ~ftp>
   User                    ftp
   Group                nogroup
   UserAlias         anonymous ftp
   RequireValidShell        off
#   MaxClients                   10
   <Directory *>
     <Limit WRITE>
       DenyAll
     </Limit>
   </Directory>
 </Anonymous>

6. Next step is to link apt-mirror path to proftpd path by running a bind mount by issuing the command.

$ sudo mount --bind /opt/apt-mirror/mirror/archive.ubuntu.com/  /srv/ftp/

To verify it run mount command with no parameter or option.

$ mount

7. Last step is to make sure that Proftpd server is automatically started after system reboot and mirror-cachedirectory is also automatically mounted on ftp server path. To automatically enable proftpd run the following command.

$ sudo update-rc.d proftpd enable

To automatically mount apt-mirror cache on proftpd open and edit /etc/rc.local file.

$ sudo nano /etc/rc.local

Add the following line before exit 0 directive. Also use 5 seconds delay before attempting to mount.

sleep 5
sudo mount --bind  /opt/apt-mirror/mirror/archive.ubuntu.com/ /srv/ftp/

If you pull packages from Debian repositories run the following commands and make sure appropriate settings for above rc.local file are enabled.

$ sudo mkdir /srv/ftp/debian
$ sudo mount --bind /opt/apt-mirror/mirror/ftp.us.debian.org/debian/ /srv/ftp/debian/

8. For a daily apt-mirror synchronization you can also create a system schedule job to run at 2 AM every day. Run crontab command, select your preferred editor then add the following line syntax.

$ sudo crontab –e

On last line add the following line.

0  2  *  *  *  /usr/bin/apt-mirror >> /opt/apt-mirror/mirror/archive.ubuntu.com/ubuntu/apt-mirror.log

Now every day at 2 AM your system repository cache will synchronize with Ubuntu official mirrors and create a log file.

Step 2: Configure clients

9. To configure local Ubuntu clients, edit /etc/apt/source.list on client computers to point to the IP address or hostname of apt-mirror server – replace http protocol with ftp, then update system.

deb ftp://192.168.1.13/ubuntu trusty universe
deb ftp://192.168.1.13/ubuntu trusty main restricted
deb ftp://192.168.1.13/ubuntu trusty-updates main restricted
## Ad so on….

10. To view repositories you can actually open a browser and point to your server IP address of domain name using FTP protocol.

The same system applies also to Debian clients and servers, the only change needed are debian mirror and sources list.

Also if you install a fresh Ubuntu or Debian system, provide your local mirror manually whit ftp protocol when installer asks which repository to use.

The great thing about having your own local mirror repositories is that you’re always on current and your local clients don’t have to connect to Internet to install updates or software.

Source

The LEMP stack is an acronym which represents is a group of packages (Linux OS, Nginx web server, MySQL\MariaDB database and PHP server-side dynamic programming language) which are used to deploy dynamic web applications and web pages.

This tutorial will guide you on how to install a LEMP stack with MariaDB 10, PHP 7 and HTTP 2.0 Support for Nginx on Ubuntu 16.10 and Ubuntu 16.04 server/desktop editions.

Requirements

1. Installation of Ubuntu 16.04 Server Edition [instructions also works on Ubuntu 16.10]

Step 1: Install the Nginx Web Server

1. Nginx is a modern and resources efficient web server used to display web pages to visitors on the internet. We’ll start by installing Nginx web server from Ubuntu official repositories by using the apt command line.

$ sudo apt-get install nginx

2. Next, issue the netstat and systemctl commands in order to confirm if Nginx is started and binds on port 80.

$ netstat -tlpn

$ sudo systemctl status nginx.service

Once you have the confirmation that the server is started you can open a browser and navigate to your server IP address or DNS record using HTTP protocol in order to visit Nginx default web page.

http://IP-Address

Step 2: Enable Nginx HTTP/2.0 Protocol

3. The HTTP/2.0 protocol which is build by default in the latest release of Nginx binaries on Ubuntu 16.04 works only in conjunction with SSL and promises a huge speed improvement in loading web SSL web pages.

To enable the protocol in Nginx on Ubuntu 16.04, first navigate to Nginx available sites configuration files and backup the default configuration file by issuing the below command.

$ cd /etc/nginx/sites-available/
$ sudo mv default default.backup

4. Then, using a text editor create a new default page with the below instructions:

server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        root /var/www/html;

        index index.html index.htm index.php;

        server_name 192.168.1.13;

        location / {
                try_files $uri $uri/ =404;
        }

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_dhparam  /etc/nginx/ssl/dhparam.pem;
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 180m;
        resolver 8.8.8.8 8.8.4.4;
        add_header Strict-Transport-Security "max-age=31536000;
        #includeSubDomains" always;


        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

}

server {
       listen         80;
       listen    [::]:80;
       server_name    192.168.1.13;
       return         301 https://$server_name$request_uri;
}

The above configuration snippet enables the use of HTTP/2.0 by adding the http2 parameter to all SSL listen directives.

Also, the last part of the excerpt enclosed in server directive is used to redirect all non-SSL traffic to SSL/TLS default host. Also, replace the server_name directive to match your own IP address or DNS record (FQDN preferably).

5. Once you finished editing Nginx default configuration file with the above settings, generate and list the SSL certificate file and key by executing the below commands.

Fill the certificate with your own custom settings and pay attention to Common Name setting to match your DNS FQDN record or your server IP address that will be used to access the web page.

$ sudo mkdir /etc/nginx/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
$ ls /etc/nginx/ssl/

6. Also, create a strong DH cypher, which was changed on the above configuration file on ssl_dhparaminstruction line, by issuing the below command:

$ sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

7. Once the Diffie-Hellman key has been created, verify if Nginx configuration file is correctly written and can be applied by Nginx web server and restart the daemon to reflect changes by running the below commands.

$ sudo nginx -t
$ sudo systemctl restart nginx.service

8. In order to test if Nginx uses HTTP/2.0 protocol issue the below command. The presence of h2 advertised protocol confirms that Nginx has been successfully configured to use HTTP/2.0 protocol. All modern up-to-date browsers should support this protocol by default.

$ openssl s_client -connect localhost:443 -nextprotoneg ''

Step 3: Install PHP 7 Interpreter

Nginx can be used with PHP dynamic processing language interpreter to generate dynamic web content with the help of FastCGI process manager obtained by installing the php-fpm binary package from Ubuntu official repositories.

9. In order to grab PHP7.0 and the additional packages that will allow PHP to communicate with Nginx web server issue the below command on your server console:

$ sudo apt install php7.0 php7.0-fpm 

10. Once the PHP7.0 interpreter has been successfully installed on your machine, start and check php7.0-fpmdaemon by issuing the below command:

$ sudo systemctl start php7.0-fpm
$ sudo systemctl status php7.0-fpm

11. The current configuration file of Nginx is already configured to use PHP FastCGI process manager in order to server dynamic content.

The server block that enables Nginx to use PHP interpreter is presented on the below excerpt, so no further modifications of default Nginx configuration file are required.

location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

Below is a screenshot of what instructions you need to uncomment and modify is case of an original Nginx default configuration file.

12. To test Nginx web server relation with PHP FastCGI process manager create a PHP info.php test configuration file by issuing the below command and verify the settings by visiting this configuration file using the below address: http://IP_or domain/info.php.

$ sudo su -c 'echo "<?php phpinfo(); ?>" |tee /var/www/html/info.php'

Also check if HTTP/2.0 protocol is advertised by the server by locating the line $_SERVER[‘SERVER_PROTOCOL’] on PHP Variables block as illustrated on the below screenshot.

13. In order to install extra PHP7.0 modules use the apt search php7.0 command to find a PHP module and install it.

Also, try to install the following PHP modules which can come in handy in case you are planning to install WordPress or other CMS.

$ sudo apt install php7.0-mcrypt php7.0-mbstring

14. To register the PHP extra modules just restart PHP-FPM daemon by issuing the below command.

$ sudo systemctl restart php7.0-fpm.service

Step 4: Install MariaDB Database

15. Finally, in order to complete our LEMP stack we need the MariaDB database component to store and manage website data.

Install MariaDB database management system by running the below command and restart PHP-FPM service in order to use MySQL module to access the database.

$ sudo apt install mariadb-server mariadb-client php7.0-mysql
$ sudo systemctl restart php7.0-fpm.service

16. To secure the MariaDB installation, run the security script provided by the binary package from Ubuntu repositories which will ask you set a root password, remove anonymous users, disable root login remotely and remove test database.

Run the script by issuing the below command and answer all questions with yes. Use the below screenshot as a guide.

$ sudo mysql_secure_installation

17. To configure MariaDB so that ordinary users can access the database without system sudo privileges, go to MySQL command line interface with root privileges and run the below commands on MySQL interpreter:

$ sudo mysql 
MariaDB> use mysql;
MariaDB> update user set plugin=’‘ where User=’root’;
MariaDB> flush privileges;
MariaDB> exit

Finally, login to MariaDB database and run an arbitrary command without root privileges by executing the below command:

$ mysql -u root -p -e 'show databases'

That’ all! Now you have a LEMP stack configured on Ubuntu 16.10 and Ubuntu 16.04 server that allows you to deploy complex dynamic web applications that can interact with databases.

Source

In this article, we will go through the various steps to install the constituent packages in LAMP stack with PHP 7and MariaDB 10 on Ubuntu 16.10 Server and Desktop editions.

As you may already know, LAMP (Linux, Apache, MySQL/MariaDB, PHP) stack is the assortment of leading open source web development software packages.

This web platform is made up of a web server, database management system and a server-side scripting language, and is acceptable for building dynamic websites and a wide range of web applications. It can be used in a testing or production environment to support small-scale to very large web-based projects.

One of the common uses of LAMP stack is for running content management systems (CMSs) such as WordPress, Joomla or Drupal and many others.

Requirements

1. Ubuntu 16.10 Installation Guide

Step 1: Install Apache on Ubuntu 16.10

1. The first step is to start by installing Apache web server from the default Ubuntu official repositories by typing the following commands on terminal:

$ sudo apt install apache2
OR
$ sudo apt-get install apache2

2. After Apache web server successfully installed, confirm if the daemon is running and on what ports it binds (by default apache listens on port 80) by running the commands below:

$ sudo systemctl status apache2.service 
$ sudo netstat -tlpn

3. You can also confirm apache web server via a web browser by typing server IP address using HTTP protocol. A default apache web page should be appeared on the web browser similar to the below screenshot:

http://your_server_IP_address

4. If you want to use HTTPS support to secure your web pages, you can enable Apache SSL module and confirm port by issuing the following commands:

$ sudo a2enmod ssl 
$ sudo a2ensite default-ssl.conf 
$ sudo systemctl restart apache2.service
$ sudo netstat -tlpn

5. Now confirm Apache SSL support using HTTPS Secure Protocol by typing the below address in web browser:

https://your_server_IP_address

You will get the following error page, its because that apache is configured to run with a Self-Signed Certificate. Just accept and proceed further to bypass the certificate error and the web page should be displayed securely.

6. Next enable apache web server to start the service at boot time using following command.

$ sudo systemctl enable apache2

Step 2: Install PHP 7 on Ubuntu 16.10

7. To install most recent version of PHP 7, which is developed to run with speed enhancements on Linux machine, first do a search for any existing PHP modules by running the below commands:

$ sudo apt search php7.0

8. Once you came to know that proper PHP 7 modules are needed to setup, use apt command to install the proper modules so that PHP can able to run scripts in conjunction with apache web server.

$ sudo apt install php7.0 libapache2-mod-php7.0 php7.0-mysql php7.0-xml php7.0-gd

9. After PHP7 and its required modules are installed and configured on your server, run php -v command in order see the current release version of PHP.

$ php -v

10. To further tests PHP7 and its modules configuration, create a info.php file in apache /var/www/html/webroot directory.

$ sudo nano /var/www/html/info.php

add the below lines of code to info.php file.

<?php 
phpinfo();
?>

Restart apache service to apply changes.

$ sudo systemctl restart apache2

Open your web browser and type the following URL to check the PHP configuration.

https://your_server_IP_address/info.php 

11. If you wanted to install additional PHP modules, use apt command and press [TAB] key after php7.0 string and the bash autocomplete feature will automatically show you all available PHP 7 modules.

$ sudo apt install php7.0[TAB]

Step 3: Install MariaDB 10 in Ubuntu 16.10

12. Now it’s time to install latest version of MariaDB with the needed PHP modules to access the database from Apache-PHP interface.

$ sudo apt install php7.0-mysql mariadb-server mariadb-client

13. Once MariaDB has been installed, you need to secure its installation using the security script, which will set a root password, revoke anonymous access, disable root login remotely and remove the test database.

$ sudo mysql_secure_installation

14. In order to give MariaDB database access to system normal users without using sudo privileges, login to MySQL prompt using root and run the below commands:

$ sudo mysql 
MariaDB> use mysql;
MariaDB> update user set plugin=’‘ where User=’root’;
MariaDB> flush privileges;
MariaDB> exit

To learn more about MariaDB basic usage, you should read our series: MariaDB for Beginners

15. Then, restart MySQL service and try to login to database without root as shown.

$ sudo systemctl restart mysql.service
$ mysql -u root -p

16. Optionally, if you wanted to administer MariaDB from a web browser, install PhpMyAdmin.

$ sudo apt install php-gettext phpmyadmin

During PhpMyAdmin installation select apache2 web server, choose No for configure phpmyadmin with dbconfig-common and add a strong password for the web interface.

16. After PhpMyAdmin has been installed, you can access the web interface of Phpmyadmin at the below URL.

https://your_server_IP_address/phpmyadmin/ 

If you wanted to secure your PhpMyAdmin web interface, go through our article: 4 Useful Tips to Secure PhpMyAdmin Web Interface

That’s all! Now you have a complete LAMP stack setup installed and running on Ubuntu 16.10, which enables you to deploy dynamic websites or application on your Ubuntu server.

Source

ngxtop is a free open source, simple, flexible, fully configurable and easy-to-use real-time top-like monitoring tool for nginx server. It gathers data by parsing the nginx access log (default location is always /var/log/nginx/access.log) and displays useful metrics of your nginx server, thus helping you to keep an eye on your web server in real-time. It also allows you to parse Apache logs from a remote server.

How to Install and Use Ngxtop in Linux

To install ngxtop, first you need to install PIP in Linux, once you have pip installed on your system, you can install ngxtop using following command.

$ sudo pip install ngxtop

Monitor Nginx Server Requests

Now that you have installed ngxtop, the easiest way to run it is without any arguments. This will parse the /var/log/nginx/access.log and runs in follow mode (watch for new lines as they are written to the access log) by default.

$ sudo ngxtop

Sample Output

running for 411 seconds, 64332 records processed: 156.60 req/sec

Summary:
|   count |   avg_bytes_sent |   2xx |   3xx |   4xx |   5xx |
|---------+------------------+-------+-------+-------+-------|
|   64332 |         2775.251 | 61262 |  2994 |    71 |     5 |

Detailed:
| request_path                             |   count |   avg_bytes_sent |   2xx |   3xx |   4xx |   5xx |
|------------------------------------------+---------+------------------+-------+-------+-------+-------|
| /abc/xyz/xxxx                            |   20946 |          434.693 | 20935 |     0 |    11 |     0 |
| /xxxxx.json                              |    5633 |         1483.723 |  5633 |     0 |     0 |     0 |
| /xxxxx/xxx/xxxxxxxxxxxxx                 |    3629 |         6835.499 |  3626 |     0 |     3 |     0 |
| /xxxxx/xxx/xxxxxxxx                      |    3627 |        15971.885 |  3623 |     0 |     4 |     0 |
| /xxxxx/xxx/xxxxxxx                       |    3624 |         7830.236 |  3621 |     0 |     3 |     0 |
| /static/js/minified/utils.min.js         |    3031 |         1781.155 |  2104 |   927 |     0 |     0 |
| /static/js/minified/xxxxxxx.min.v1.js    |    2889 |         2210.235 |  2068 |   821 |     0 |     0 |
| /static/tracking/js/xxxxxxxx.js          |    2594 |         1325.681 |  1927 |   667 |     0 |     0 |
| /xxxxx/xxx.html                          |    2521 |          573.597 |  2520 |     0 |     1 |     0 |
| /xxxxx/xxxx.json                         |    1840 |          800.542 |  1839 |     0 |     1 |     0 |

To quit, press [Ctrl + C].

Parse Different Access Log

You can parse a different access log, for instance for a particular website or web app using the -l flag as shown.

$ sudo ngxtop -l /var/log/nginx/site1/access.log

List Top Source IPs of Clients

The following command will list all top source IP’s of clients accessing the site.

$ sudo ngxtop remote_addr -l  /var/log/nginx/site1/access.log

Sample Output

running for 20 seconds, 3215 records processed: 159.62 req/sec

top remote_addr
| remote_addr     |   count |
|-----------------+---------|
| 118.173.177.161 |      20 |
| 110.78.145.3    |      16 |
| 171.7.153.7     |      16 |
| 180.183.67.155  |      16 |
| 183.89.65.9     |      16 |
| 202.28.182.5    |      16 |
| 1.47.170.12     |      15 |
| 119.46.184.2    |      15 |
| 125.26.135.219  |      15 |
| 125.26.213.203  |      15 |

Use Particular Log Format

To use a log format as specified in log_format directive, employ the -f option as shown.

$ sudo ngxtop -f main -l /var/log/nginx/site1/access.log

Parse Apache Log From Remote Server

To parse Apache log file from a remote server with common format, use a command similar to the following (specify your username and remote server IP).

$ ssh user@remote_server tail -f /var/log/apache2/access.log | ngxtop -f common

Sample Output

running for 20 seconds, 1068 records processed: 53.01 req/sec

Summary:
|   count |   avg_bytes_sent |   2xx |   3xx |   4xx |   5xx |
|---------+------------------+-------+-------+-------+-------|
|    1068 |        28026.763 |  1029 |    20 |    19 |     0 |

Detailed:
| request_path                             |   count |   avg_bytes_sent |   2xx |   3xx |   4xx |   5xx |
|------------------------------------------+---------+------------------+-------+-------+-------+-------|
| /xxxxxxxxxx                              |     199 |        55150.402 |   199 |     0 |     0 |     0 |
| /xxxxxxxx/xxxxx                          |     167 |        47591.826 |   167 |     0 |     0 |     0 |
| /xxxxxxxxxxxxx/xxxxxx                    |      25 |         7432.200 |    25 |     0 |     0 |     0 |
| /xxxx/xxxxx/x/xxxxxxxxxxxxx/xxxxxxx      |      22 |          698.727 |    22 |     0 |     0 |     0 |
| /xxxx/xxxxx/x/xxxxxxxxxxxxx/xxxxxx       |      19 |         7431.632 |    19 |     0 |     0 |     0 |
| /xxxxx/xxxxx/                            |      18 |         7840.889 |    18 |     0 |     0 |     0 |
| /xxxxxxxx/xxxxxxxxxxxxxxxxx              |      15 |         7356.000 |    15 |     0 |     0 |     0 |
| /xxxxxxxxxxx/xxxxxxxx                    |      15 |         9978.800 |    15 |     0 |     0 |     0 |
| /xxxxx/                                  |      14 |            0.000 |     0 |    14 |     0 |     0 |
| /xxxxxxxxxx/xxxxxxxx/xxxxx               |      13 |        20530.154 |    13 |     0 |     0 |     0 |

For more usage options, view the ngxtop help message using the following command.

$ ngxtop -h  

ngxtop Github repository: https://github.com/lebinh/ngxtop

That’s it for now! In this article, we have explained how to install and use ngxtop in Linux systems. If you have any questions, or extra thoughts to add to this guide, use the comment form below. In addition, if you have come across any similar tools, also let us know and we will be grateful.

Source

Sysdig is an open-source, cross-platform, powerful and flexible system monitoring and troubleshooting tool for Linux; it also works on Windows and Mac OSX but with limited functionality and can be used for system analysis, inspection and debugging.

Normally, you would employ a mix of various Linux performance monitoring and troubleshooting toolsincluding these ones listed below to perform the Linux monitoring and debugging tasks:

1. strace – discover system calls and signals to a process.
2. tcpdump – raw network traffic monitoring.
3. netstat – network connections monitoring.
4. htop – real time process monitoring.
5. iftop – real time network bandwidth monitoring.
6. lsof – view which files are opened by which process.

However, sysdig integrates what all the above tools and many more, offer in a single and simple program, more so with amazing container support. It enables you to capture, save, filter and examine the real behavior (stream of events) of Linux systems as well as containers.

It comes with a command line interface and a powerful interactive UI (csysdig) which allow you to watch system activity in real time, or perform a trace dump and save for later analysis. You can watch how csysdig works from the below video.

Sysdig Features:

• It is fast, stable and easy-to-use with comprehensively well documented.
• Comes with native support for container technologies, including Docker, LXC.
• It is scriptable in Lua; offers chisels (lightweight Lua scripts) for processing captured system events.
• Supports useful filtering of output.
• Supports system and application tracing.
• It can be integrated with Ansible, Puppet and Logstash.
• Enable sample advanced log analysis.
• It also offers Linux server attack (forensics) analysis features for ethical hackers and lot’s more.

In this article, we will show how to install sysdig on a Linux system, and use it with basic examples of system analysis, monitoring and troubleshooting.

How To Install Sysdig in Linux

Installing sysdig package is as easy as running the command below, which will check all the requirements; if every thing is in place, it will download and install the package from the Draios APT/YUM repository.

# curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | bash 
OR
$ curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash

After installing it, you need to run sysdig as root because it requires access to critical areas such as /proc file system, /dev/sysdig* devices and needs to auto-load the sysdig-probe kernel module (in case it is not); otherwise use the sudo command.

The most basic example is running it without any arguments, this will enable you to view your Linux system stream of events updated in real-time:

$ sudo sysdig

The above output (raw data) does not perhaps make a lot of sense to you, for a more useful output run csysdig:

$ sudo csysdig 

Note: To get the real feel of this tool, you need to use sysdig which produces raw data as we saw before, from a running Linux system: this calls for you to understand how to use filters and chisels.

But if you need a painless means of using sysdig – continue with csysdig.

Understanding Sysdig Chisels and Filters

Sysdig chisels are minimal Lua scripts for examining the sysdig event stream to carry out useful system troubleshooting actions and more. The command below will help you view all available chisels:

$ sudo sysdig -cl

The screen shot shows a sample list of chisels under different categories.

If you want to find out more information about a particular chisel, use the -i flag:

$ sudo sysdig -i topprocs_cpu

Sysdig filters add more power to the kind of output you can obtain from event streams, they allow you to customize the output. You should specify them at the end of a command line.

A straightforward and commonest filter is a basic “class.field=value” check, you can also combine chisels with filters for even more powerful customizations.

To view a list of available field classes, fields and their descriptions, type:

$ sudo sysdig -l

Creating Linux System Trace File

To dump sysdig output in a file for later analysis, use the -w flag like this.

You can read the trace dump file using the -r flag:

$ sudo sysdig -r trace.scap

The -s option is used to specify the amount of bytes of data to be captured for each system event. In this example, we are filtering events for the mongod process.

$ sudo sysdig -s 3000 -w trace.scap
$ sudo sysdig -r trace.scap proc.name=mongod

Monitoring Linux Processes

To list system processes, type:

$ sudo sysdig -c ps

Monitor Processes by CPU Usage

To watch top processes by CPU usage percentage, run this command:

$ sudo sysdig -c topprocs_cpu

Monitoring Network Connections and I/O

To view system network connections, run:

$ sudo sysdig -c netstat

The following command will help you list top network connections by total bytes:

$ sudo sysdig -c topconns

Next, you can also list top processes by network I/O as follows:

$ sudo sysdig -c topprocs_net    

Monitoring System File I/O

You can output the data read and written by processes on the system as below:

$ sudo sysdig -c echo_fds

To list top processes by (read + write) disk bytes, use:

$ sudo sysdig -c topprocs_file   

Troubleshooting a Linux System Performance

To keep an eye on system bottlenecks (slow system calls), execute this command:

$ sudo sysdig -c bottlenecks

Track Execution Time of a Process

To track the execution time of a process, you can run this command and dump the trace in a file:

$ sudo sysdig -w extime.scap -c proc_exec_time 

Then use a filter to zero down on details of a particular process (postgres in this example) as follows:

$ sudo sysdig -r extime.scap proc.name=postgres

Discover Slow Network I/0

This simple command will help you detect slow network I/0:

$ sudo sysdig -c netlower     

Watching Log File Entries

The command below helps you display every message written to syslog, if you are interested in log entries for a specific process, create a trace dump and filter it out accordingly as shown before:

$ sudo sysdig -c spy_syslog      

You can print any data written by any process to a log file as follows:

$ sudo sysdig -c spy_logs   

Monitoring HTTP Server Requests

If you have a HTTP server such as Apache or Nginx running on our system, look through the server’s requests log with this command:

$ sudo sysdig -c httplog    
$ sudo sysdig -c httptop   [Print Top HTTP Requests] 

Display Login Shells and Interactive User Activity

The command below will enable you view all the login shell IDs:

$ sudo sysdig -c list_login_shells

Last but not least, you can show interactive activity of system users like so:

$ sudo sysdig -c spy_users

For more usage information and examples, read the sysdig and csysdig man pages:

$ man sysdig 
$ man csysdig

Reference: https://www.sysdig.org/

Also check these useful Linux performance monitoring tools:

1. 1. BCC – Dynamic Tracing Tools for Linux Performance Monitoring, Networking and More
   2. pyDash – A Web Based Linux Performance Monitoring Tool
   3. Perf- A Performance Monitoring and Analysis Tool for Linux
   4. Collectl: An Advanced All-in-One Performance Monitoring Tool for Linux
   5. Netdata – A Real-Time Performance Monitoring Tool for Linux Systems

Conclusion

Sysdig brings together functionalities from numerous command line tools into one remarkable interface, thus allowing you to dig deep into your Linux system events to gather data, save for later analysis and it offers incredible container support.

To ask any questions or share any thoughts about this tool, use the feedback form below.

Source